BookMyShow

Closes security gaps in virtualized environment

Overview

BookMyShow, a Big Tree Entertainment brand, is India’s biggest online ticketing platform for movies, plays, concerts, and sporting events. Launched in 2007 with headquarters in Mumbai, BookMyShow has offices throughout India and owns 85-90% of the online entertainment ticketing market. Its website registers about 200 million page views each month, and its mobile platform gets about a billion screen views monthly.

The company sells approximately six million tickets a month, and about 60% of its transactions take place via its mobile app. Besides offering online ticketing, the portal contains information about upcoming movies and events, show times, venue details, and artist bios.

As the premier ticketing source for major events across 87 cities, the company’s website often experiences record traffic during blockbuster movie releases or major sporting events. Customers eager to grab seats have little patience with a slow website. To make the user experience quick and easy, BookMyShow employs a team of more than 100 engineers spread across three locations to monitor and upgrade the site.

Challenges

BookMyShow’s increasing popularity has turned the company into a target for hackers and malicious software. “When we built the site, security was not at the top of our list,” said Viraj Patel, Vice President of Technology for Big Tree Entertainment. “We combatted low-profile hacks with a variety of tools and techniques, but found it a challenge to cope with bigger, more sophisticated attacks,” he added.

BookMyShow operates 600 virtualized servers in a 90% virtualized environment. These servers are segmented into several zones, including servers for customer data and credit card information, database servers, and web application servers. In this complicated environment, maintaining firewall rules manually was a tedious task with potential for error. The company needed a simpler and more reliable way to extend protection across isolated network segments that do not have access to each other.

"Using a complex mix of old and new technologies to protect an ever-evolving website became a huge headache for the company. With Trend Micro, we found all the capabilities we needed in one comprehensive solution."

Viraj Patel, Vice president of technology,
Big Tree Entertainment

Protecting customer data and complying with the Payment Card Industry Data Security Standard (PCI DSS) are important to BookMyShow but previously were very labor-intensive. They used multiple open source tools, each with its own management console, for monitoring files and logs. The company also faced the problem of how to avoid taking the system down for emergency patching. On the one hand, public-facing servers are prone to attacks and need vulnerabilities patched. On the other hand, downtime leads to significant income loss.

Solution

Currently, BookMyShow deploys agentless and agent-based versions of the Trend Micro™ Deep Security™ solution to protect 18 VMware ESX hypervisors, about 300 virtual machines and a small number of physical servers. “Trend Micro’s Deep Security solution integrates extremely well with the virtualization technology we use. It is installed at the hypervisor layer and gives us visibility into everything in our environment,” said Patel.

BookMyShow relies on Deep Security for comprehensive protection against sophisticated attacks throughout its complex virtualized environment. The solution’s firewall module solves the problem of securing isolated virtualized servers with central management of firewall policy and templates for common server types. The company uses virtual patching to protect against vulnerabilities without the disruption of a reboot.

Deep Security protects BookMyShow’s virtual environment against the most sophisticated attacks by isolating malware from critical operating system and security components. Log inspection helps the company comply with PCI DSS by identifying suspicious behavior and security events across the data center.

Why Trend Micro

Customers in India quickly embraced the concept of online ticketing and turned BookMyShow into a major success. With success came unwanted attention and a need to replace piecemeal open source security tools with a more comprehensive solution. “Using a complex mix of old and new technologies to protect an ever-evolving website became a huge headache for the company,” said Patel. “With Trend Micro, we found all the capabilities we needed in one comprehensive solution,” he added.

Results

“Our experience with Trend Micro has been great,” says Patel, who was particularly surprised to discover that Deep Security could take over the roles of multiple point products and offer better security without compromising server performance. “Even after doing so many tasks, Deep Security runs at an amazing speed. I’ve gone back to my team to find out if the Deep Security system is up, because I don’t see any performance lags,” he adds.

The multiple security tools BookMyShow used to employ required management from separate consoles. Today, the IT staff uses a single dashboard for greater efficiency. From there, they can monitor operating system and application files and look for suspicious behavior in log files. It’s easier to remain PCI compliant with centralized security controls that reduce the time and effort to support audits and produce reports on compliance status, detected attacks, and prevented vulnerabilities.

BookMyShow is exploring Platform as a Service options that would allow them to scale up for weeks or days when popular movie launches or sporting events cause a spike in website traffic. With Deep Security in place, they will be able to easily extend security to cloud workloads. Deep Security is optimized for virtualized, cloud, and hybrid environments. Tight integration with leading cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure makes deployment fast and easy. The company is also looking at the Trend Micro™ Deep Discovery™ solution to detect and respond to targeted attacks and advanced persistent threats.